Hi FreeRDP Developers,

I am currently working on network level authentication, and I was
considering the addition of the X.509 ASN.1 module in the asn1c-generated
code. In NLA, the last packet of the authentication sequence sent by the
client is bundled with the encrypted public key from the original
certificate sent by the server. However, the public key isn't really "just"
the public key, it's the public key encapsulated into some other ASN.1 data
structure. I looked at the patch submitted to rdesktop that uses libsamba,
and the code "manually" adds the required encoding to the public key. I
could hack something quickly to get a similar result, but I was thinking
that having the X.509 module would be helpful for easier certificate
parsing, such as in tls_verify. OpenSSL does parse the certificate for us,
but being dependent on OpenSSL makes it harder to try to switch to another
cryptographic library in the future.

The ASN.1 module is readily available here:
http://www.itu.int/ITU-T/formal-language/itu-t/x/x509/2008/AuthenticationFramework.asn
X.509 has more than one module:
http://www.itu.int/ITU-T/recommendations/fl.aspx?lang=1&rec=509&module=&oid=
The X.509 specification can be found here:
http://www.itu.int/rec/T-REC-X.509-200508-I/en

What do you think? Should we add the X.509 module, or should I manually do
the encoding?
_______________________________________________
Freerdp-devel mailing list
Freerdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
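
Added example, not part of the original message and not FreeRDP or rdesktop code: a minimal sketch of the "manual" encoding option raised above, assuming the wrapper in question is the PKCS #1 RSAPublicKey structure, SEQUENCE { modulus INTEGER, publicExponent INTEGER } (the message does not name the structure). The function name `rsa_pubkey_der` and the helper names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Number of bytes a DER length field needs to encode n. */
static size_t der_len_size(size_t n) {
    size_t k = 1;
    if (n < 0x80) return 1;                 /* short form: one byte */
    while (n) { k++; n >>= 8; }             /* long form: 0x80|count + count bytes */
    return k;
}

/* Write a DER length (short or long form); returns bytes written. */
static size_t der_put_len(uint8_t *p, size_t n) {
    size_t k = der_len_size(n), i;
    if (k == 1) { p[0] = (uint8_t)n; return 1; }
    p[0] = (uint8_t)(0x80 | (k - 1));
    for (i = k - 1; i > 0; i--) { p[i] = (uint8_t)n; n >>= 8; }
    return k;
}

/* Strip leading zeros from a big-endian magnitude (DER wants the minimal
 * form) and return the INTEGER content size, including the 0x00 pad that
 * keeps a value with its top bit set from being read as negative. */
static size_t uint_body(const uint8_t **v, size_t *n) {
    while (*n > 1 && **v == 0) { (*v)++; (*n)--; }
    return *n + ((**v & 0x80) ? 1 : 0);
}

/* Write INTEGER (tag 0x02) for an already-stripped magnitude. */
static size_t der_put_uint(uint8_t *p, const uint8_t *v, size_t n) {
    size_t body = n + ((v[0] & 0x80) ? 1 : 0), o = 0;
    p[o++] = 0x02;
    o += der_put_len(p + o, body);
    if (body > n) p[o++] = 0x00;            /* sign pad */
    memcpy(p + o, v, n);
    return o + n;
}

/* Encode SEQUENCE { modulus, publicExponent } from big-endian byte strings.
 * Returns the encoded length, or 0 on bad input or if out is too small. */
size_t rsa_pubkey_der(const uint8_t *m, size_t mn, const uint8_t *e,
                      size_t en, uint8_t *out, size_t cap) {
    size_t mb, eb, body, o = 0;
    if (!m || !e || !out || mn == 0 || en == 0) return 0;
    mb = uint_body(&m, &mn);
    eb = uint_body(&e, &en);
    body = 1 + der_len_size(mb) + mb + 1 + der_len_size(eb) + eb;
    if (1 + der_len_size(body) + body > cap) return 0;  /* size check before writing */
    out[o++] = 0x30;                        /* SEQUENCE tag */
    o += der_put_len(out + o, body);
    o += der_put_uint(out + o, m, mn);
    return o + der_put_uint(out + o, e, en);
}
```

The two details a hand-rolled encoder most often gets wrong are the 0x00 sign pad on the modulus and the long-form length; with both handled, a 2048-bit modulus and exponent 65537 encode to 270 bytes.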
